Abstract
In this work, we apply a secure protocol design methodology to a protocol based on a recently proposed email-based registration protocol. With this task, we aim to emphasize the need of incorporating such techniques as a main component of the protocol design process, not just as a desirable feature. The process herein described highlights the advantages in terms of the obtained security guarantees added to the final design, and also helps in the endeavor of further evaluating the applied methodology and the analyzed protocol.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
European Union: Cybersecurity strategy of the european union. Technical report, Joint Communication to the European Parliament, the Council, the European Economic and social committee and the committee of the regions (2013)
Hernan, S., Lambert, S., Ostwald, T., Shostack, A.: Uncover security design flaws using the stride approach (2006), http://msdn.microsoft.com/en-us/magazine/cc163519.aspx
CCMB-2009-07-003: Common criteria for information technology security evaluation – part 3: Security assurance components. Technical report (July 2009)
Matsuo, S., Miyazaki, K., Otsuka, A., Basin, D.: How to evaluate the security of real-life cryptographic protocols? In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) RLCPS, WECSR, and WLC 2010. LNCS, vol. 6054, pp. 182–194. Springer, Heidelberg (2010)
Diaz, J., Arroyo, D., Rodriguez, F.B.: A formal methodology for integral security design and verification of network protocols. Journal of Systems and Software 89(0), 87–98 (2014)
Diaz, J., Arroyo, D., Rodriguez, F.B.: On securing online registration protocols: formal verification of a new proposal. Knowl.-Based Syst. (in press, 2014)
Garfinkel, S.L.: Email-based identification and authentication: An alternative to pki? IEEE Security & Privacy 1(6), 20–26 (2003)
Diaz, J., Arroyo, D., Rodriguez, F.B.: An approach for adapting Moodle into a secure infrastructure. In: Herrero, Á., Corchado, E. (eds.) CISIS 2011. LNCS, vol. 6694, pp. 214–221. Springer, Heidelberg (2011)
Backes, M., Maffei, M., Pecina, K.: Automated synthesis of privacy-preserving distributed applications. In: Proc. of ISOC NDSS (2012)
Dolev, D., Yao, A.C.C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)
Blanchet, B.: ProVerif Automatic Cryptographic Protocol Verifier User Manual. CNRS, Département d’Informatique École Normale Supérieure, Paris (July 2010)
Blanchet, B.: Automatic verification of correspondences for security protocols. Journal of Computer Security 17(4), 363–434 (2009)
Rolando, M.G.F., Salvador, C.H.: Knowledge system for application of computer security rules. In: Herrero, Á., Gastaldo, P., Zunino, R., Corchado, E. (eds.) CISIS 2009. AISC, vol. 63, pp. 9–17. Springer, Heidelberg (2009)
Diaz, J., Arroyo, D., Rodriguez, F.B.: Pseudocode and ProVerif code for the analyzed protocol (2013), http://www.ii.uam.es/~gnb/dar13-psc-code.tgz
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Diaz, J., Arroyo, D., Rodriguez, F.B. (2014). Methodological Security Verification of a Registration Protocol. In: de la Puerta, J., et al. International Joint Conference SOCO’14-CISIS’14-ICEUTE’14. Advances in Intelligent Systems and Computing, vol 299. Springer, Cham. https://doi.org/10.1007/978-3-319-07995-0_45
Download citation
DOI: https://doi.org/10.1007/978-3-319-07995-0_45
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07994-3
Online ISBN: 978-3-319-07995-0
eBook Packages: EngineeringEngineering (R0)